diff options
author | Junio C Hamano <gitster@pobox.com> | 2021-02-23 03:12:42 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2021-02-23 03:12:42 +0300 |
commit | 15af6e6fee54632358798bef548d89dd3764805d (patch) | |
tree | f4464996780c0c94bd0901bab9e161b9679fe05f /fmt-merge-msg.c | |
parent | b9554c03a0a8147109608b94feb32837a6e6a145 (diff) | |
parent | 9b27b49240f6bf760ff58d917491bec0981aaf9f (diff) |
Merge branch 'bc/signed-objects-with-both-hashes'
Signed commits and tags now allow verification of objects, whose
two object names (one in SHA-1, the other in SHA-256) are both
signed.
* bc/signed-objects-with-both-hashes:
gpg-interface: remove other signature headers before verifying
ref-filter: hoist signature parsing
commit: allow parsing arbitrary buffers with headers
gpg-interface: improve interface for parsing tags
commit: ignore additional signatures when parsing signed commits
ref-filter: switch some uses of unsigned long to size_t
Diffstat (limited to 'fmt-merge-msg.c')
-rw-r--r-- | fmt-merge-msg.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/fmt-merge-msg.c b/fmt-merge-msg.c index 46f6015c44..1e51492a05 100644 --- a/fmt-merge-msg.c +++ b/fmt-merge-msg.c @@ -510,22 +510,28 @@ static void fmt_merge_msg_sigs(struct strbuf *out) for (i = 0; i < origins.nr; i++) { struct object_id *oid = origins.items[i].util; enum object_type type; - unsigned long size, len; + unsigned long size; char *buf = read_object_file(oid, &type, &size); + char *origbuf = buf; + unsigned long len = size; struct signature_check sigc = { NULL }; - struct strbuf sig = STRBUF_INIT; + struct strbuf payload = STRBUF_INIT, sig = STRBUF_INIT; if (!buf || type != OBJ_TAG) goto next; - len = parse_signature(buf, size); - if (size == len) - ; /* merely annotated */ - else if (check_signature(buf, len, buf + len, size - len, &sigc) && - !sigc.gpg_output) - strbuf_addstr(&sig, "gpg verification failed.\n"); - else - strbuf_addstr(&sig, sigc.gpg_output); + if (!parse_signature(buf, size, &payload, &sig)) + ;/* merely annotated */ + else { + buf = payload.buf; + len = payload.len; + if (check_signature(payload.buf, payload.len, sig.buf, + sig.len, &sigc) && + !sigc.gpg_output) + strbuf_addstr(&sig, "gpg verification failed.\n"); + else + strbuf_addstr(&sig, sigc.gpg_output); + } signature_check_clear(&sigc); if (!tag_number++) { @@ -548,9 +554,10 @@ static void fmt_merge_msg_sigs(struct strbuf *out) strlen(origins.items[i].string)); fmt_tag_signature(&tagbuf, &sig, buf, len); } + strbuf_release(&payload); strbuf_release(&sig); next: - free(buf); + free(origbuf); } if (tagbuf.len) { strbuf_addch(out, '\n'); |